The European Union (EU) and the United States of America have reached a provisional agreement for the transatlantic data transfer pact. Although the agreement isn’t inked into a formal pact yet, this could help companies in the US and Europe exchange user data while still complying with prevailing laws and regulations.
The European Union and the United States announced a preliminary data transfer deal on Friday, reported Reuters. This agreement should primarily help American companies that have remained in a precarious position after Europe's top court threw out previous pacts such as Safe Harbor and the Privacy Shield. The court had earlier expressed its serious concern over U.S. surveillance as well as the lack of clarity about data collection, handling, storage, and processing policies.
US President Joe Biden and European Commission President Ursula von der Leyen, at a joint news conference in Brussels, indicated that the provisional agreement takes into account the court's concerns and offers stronger legal protections.
"Today, we've agreed to unprecedented protections for data privacy and security for citizens," announced US President Biden, while von der Leyen added:
I am very pleased that we have found an agreement in principle on a new framework for transatlantic data flows. This will enable predictable and trustworthy data flows between the EU and U.S., safeguarding privacy and civil liberties.
Needless to mention, both the statements seem quite broad and offer no clue as to what constituted an agreement or what clauses were discussed, agreed, or rejected during the talks. But companies like Meta (formerly Facebook) could breathe a sigh of relief as they would soon continue harvesting user data. Meta had recently clarified that it had never threatened to pull out of the EU if its operations continued facing hurdles.
The US President and the EU Commission President seem to have merely agreed to set the ball rolling after the EU struck down the two pacts that previously made transatlantic data transfer possible and legal. It would obviously take several months for the provisional agreement to be turned into a final legal deal.
While the US will need to draft and legalize an Executive Order, the EU will require an internal consultation with the European Commission as well as with the European Data Protection Board. Incidentally, EU citizens are already protected by data-protection laws such as GDPR and CCPA. Hence, any new pact would obviously have to be compliant with these laws.